900c90ccbe
In the case where a read packet has been received from the server, but the entire contents couldn't be copied to the user-buffer, the data is instead buffered and copied to the user's buffer in the next invocation of sftp_read(). When that "extra" copy is made, the 'offset' pointer was not advanced accordingly. The biggest impact of this flaw was that the 'already' variable at the top of the function that figures out how much data "ahead" that has already been asked for would slowly go more and more out of sync, which could lead to the file not being read all the way to the end. This problem was most noticable in cases where the application would only try to read the exact file size amount, like curl does. In the examples libssh2 provides the sftp read function is most often called with a fixed size large buffer and then the bug would not appear as easily. This bug was introduced in the SFTP rewrite in 1.2.8. Bug: http://curl.haxx.se/mail/lib-2011-08/0305.html http://www.libssh2.org/mail/libssh2-devel-archive-2011-08/0085.shtml
libssh2 - SSH2 library ====================== libssh2 is a library implementing the SSH2 protocol, available under the revised BSD license. Web site: http://www.libssh2.org/ Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel Generic installation instructions are in INSTALL. Some ./configure options deserve additional comments: * --enable-crypt-none The SSH2 Transport allows for unencrypted data transmission using the "none" cipher. Because this is such a huge security hole, it is typically disabled on SSH2 implementations and is disabled in libssh2 by default as well. Enabling this option will allow for "none" as a negotiable method, however it still requires that the method be advertized by the remote end and that no more-preferable methods are available. * --enable-mac-none The SSH2 Transport also allows implementations to forego a message authentication code. While this is less of a security risk than using a "none" cipher, it is still not recommended as disabling MAC hashes removes a layer of security. Enabling this option will allow for "none" as a negotiable method, however it still requires that the method be advertized by the remote end and that no more-preferable methods are available. * --disable-gex-new The diffie-hellman-group-exchange-sha1 (dh-gex) key exchange method originally defined an exchange negotiation using packet type 30 to request a generation pair based on a single target value. Later refinement of dh-gex provided for range and target values. By default libssh2 will use the newer range method. If you experience trouble connecting to an old SSH server using dh-gex, try this option to fallback on the older more reliable method. * --with-libgcrypt * --without-libgcrypt * --with-libgcrypt-prefix=DIR libssh2 can use the Libgcrypt library (http://www.gnupg.org/) for cryptographic operations. Either Libgcrypt or OpenSSL is required. Configure will attempt to locate Libgcrypt automatically. If your installation of Libgcrypt is in another location, specify it using --with-libgcrypt-prefix. * --with-openssl * --without-openssl * --with-libssl-prefix=[DIR] libssh2 can use the OpenSSL library (http://www.openssl.org) for cryptographic operations. Either Libgcrypt or OpenSSL is required. Configure will attempt to locate OpenSSL in the default location. If your installation of OpenSSL is in another location, specify it using --with-libssl-prefix. * --with-libz * --without-libz * --with-libz-prefix=[DIR] If present, libssh2 will attempt to use the zlib (http://www.zlib.org) for payload compression, however zlib is not required. If your installation of Libz is in another location, specify it using --with-libz-prefix. * --enable-debug Will make the build use more pedantic and strict compiler options as well as enable the libssh2_trace() function (for showing debug traces).